Network Performance and Security
Testing and Analyzing Using Open Source and Low-Cost Tools
- 1st Edition - March 9, 2016
- Author: Chris Chapman
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 0 3 5 8 4 - 9
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 0 3 6 0 1 - 3
Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools gives mid-level IT engineers the practical tips and tricks they need to use the best open… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteNetwork Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools gives mid-level IT engineers the practical tips and tricks they need to use the best open source or low cost tools available to harden their IT infrastructure. The book details how to use the tools and how to interpret them. Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools begins with an overview of best practices for testing security and performance across devices and the network. It then shows how to document assets—such as servers, switches, hypervisor hosts, routers, and firewalls—using publicly available tools for network inventory.
The book explores security zoning the network, with an emphasis on isolated entry points for various classes of access. It shows how to use open source tools to test network configurations for malware attacks, DDoS, botnet, rootkit and worm attacks, and concludes with tactics on how to prepare and execute a mediation schedule of the who, what, where, when, and how, when an attack hits.
Network security is a requirement for any modern IT infrastructure. Using Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools makes the network stronger by using a layered approach of practical advice and good testing practices.
- Offers coherent, consistent guidance for those tasked with securing the network within an organization and ensuring that it is appropriately tested
- Focuses on practical, real world implementation and testing
- Employs a vetted "security testing by example" style to demonstrate best practices and minimize false positive testing
- Gives practical advice for securing BYOD devices on the network, how to test and defend against internal threats, and how to continuously validate a firewall device, software, and configuration
- Provides analysis in addition to step by step methodologies
IT engineers, network architects, network product engineers, network designers, Students in Computer Networking and Information Security
- Dedication
- Chapter 1: Introduction to practical security and performance testing
- Abstract
- A Baseline Understanding of Security Concepts
- Volumetric Attacks and Attack Frequency Across the Internet
- Security Network Elements
- A Baseline Understanding of Network Performance Concepts
- Network Events that can Effect Hard and Soft Errors for Flows
- Summary—Before We Start to Harden the Network
- Chapter 2: Getting organized with initial audit of the network
- Abstract
- Goals and Objectives of this Chapter: Positive Identification of Valid Assets
- Auditing Host Assets
- Installing an NMS: SpiceWorks
- Performing Audit of Server Assets
- Documenting Network Element Objects
- Documenting Topology Zone Assets
- Documenting Information Assets
- Adding the Network to the NMS
- Chapter Summary
- Chapter 3: Locking down the infrastructure: Internet, Wi-Fi, wired, VPN, WAN, and the core
- Abstract
- Locking Down and Optimizing the Core Network
- Implementing 802.1x MAC Authentication
- Optimizing Performance of the Network Edge and Core
- Locking Down and Optimizing the WAN
- Summary Putting Optimization and Security Together
- Locking Down and Optimizing Organizational Wi-Fi Access
- Optimizing Your External Firewall and Internet Connection
- Summarizing Infrastructure Security
- Chapter 4: Locking down and optimizing the windows client
- Abstract
- Keeping Windows Patched
- Defining Approved Software
- Setting User Rights Correctly and Locking Down Install Rights
- The Importance of Windows UAC
- Hardening Windows Networking
- Local Firewalling and Mitigation
- Hardening the Browser
- Optimizing Windows Client Performance
- Installing Windows and Component Software
- Chapter 5: Server patterns
- Abstract
- Better Use of Your Hardware and Infrastructure
- Server Clusters Are Software Defined
- Virtualized Servers Has Elastic Performance
- Virtualization Provides the Best Solution for Disaster Recover
- More Intelligent Use of Storage
- Some Recommendations and Caveats Regarding Virtualization
- Securing the Hypervisor Host
- NFV Server Chain Case studies
- Hardening SSL
- Self-Hosted Cloud File Storage
- Chapter 6: Testing for security flaws using penetration testing
- Abstract
- Data Theft for Profit
- Revenge Attacks
- Industrial Espionage
- Terrorism/Cyber Warfare
- Arbitrary Reasons
- Prepping Kali Linux for Use
- Installing “Empty” for Automation
- Metasploit Workflow
- Chapter 7: Using Wireshark and TCP dump to visualize traffic
- Abstract
- Understanding Valid Traffic in the Network
- Setting Up a Span Port
- Using Capture and Display Filters
- Example of Using Display Filters to Detect Reverse HTTP Meterpreter Shell
- Using Custom HTTP Headers as a Backup Authentication
- Looking for a Malware Signature Using Raw Hex
- Debugging SIP Register with Display Filters
- Using Built-In Wireshark Analysis Tools
- Using Endpoints Statics
- Determine Packet Length Distributions
- Visualizing Performance With IOGraph
- Using FlowGraph to Visualize Traffic
- Collecting HTTP Stats in Wireshark
- Using Wireshark Command Line Tools
- How to Remotely Capture Traffic on a Linux Host
- Merging/Slicing PCAP Files Using Mergecap
- Getting Information About a PCAP File Using CAPINFOS
- Editing a Capture File with Editcap
- Using TCPdump
- Filter Captures with TCPdump
- Chapter 8: Using SNORT
- Abstract
- Building and IDS Appliance with SNORT
- Installing SNORT
- Building and Update Script to Update the System and SNORT
- Configuring and Using SNORT
- Configuring Intrusion Detection Mode
- Capturing Packets with DAQ
- Snort Basic Output
- Actions, Limits, and Verdicts
- Running Snort as a Daemon
- Configuring snort.conf File
- Example SNORT Rules
- Installing Snorby: SNORT Visualized
- Chapter 9: Live traffic analytics using “Security Onion”
- Abstract
- Building Security Onion
- Updating Security Onion Appliance
- Replaying PCAP Traffic in Security Onion
- Using Snorby for Threat Visualization
- Setting Snorby Preferences
- Basic Snorby Usage
- Decoding an Attack Event in Snorby
- Another Perspective on IDS Using Squert
- Using Sguil for Monitoring Post and Real-time Events
- Additional Tools in Security Onion
- Final Thoughts About Security Onion
- Chapter 10: Traffic performance testing in the network
- Abstract
- Bandwidth, Packet Per Seconds and RFC 2544: Avoiding the False Positive
- Optimal Testing Methodology
- Testing with Streams: Ostinato
- Testing TCP with iPerf3
- Using NTOP for Traffic Analysis
- Applied Wireshark: Debugging and Characterizing TCP Connections
- Emulating the Behavior of the WAN for Testing
- Chapter 11: Build your own network elements
- Abstract
- Building Your Own Router—VyOS
- Building Your Own Open Source Switch: Open vSwitch (OVS)
- Building Your Own Open Source Server Load Balancer (SLB)
- Setting Up a DHCP Server in Ubuntu
- Building Your Own LAMP Server
- Chapter 12: Request for proposal and proof of concept example usecases
- Abstract
- Evaluating an L3 Switch
- Subject Index
- No. of pages: 380
- Language: English
- Edition: 1
- Published: March 9, 2016
- Imprint: Syngress
- Paperback ISBN: 9780128035849
- eBook ISBN: 9780128036013
CC